authd/providers/ident.c

   1 /* authd/providers/ident.c - ident lookup provider for authd
   2  * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
   3  *
   4  * Permission to use, copy, modify, and/or distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice is present in all copies.
   7  *
   8  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   9  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  10  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  11  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  12  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  13  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  14  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  15  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  16  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  17  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  18  * POSSIBILITY OF SUCH DAMAGE.
  19  */
  20
  21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
  22  * moved to its own provider.
  23  *
  24  * --Elizafox 13 March 2016
  25  */
  26
  27 #include "stdinc.h"
  28 #include "match.h"
  29 #include "authd.h"
  30 #include "notice.h"
  31 #include "provider.h"
  32 #include "res.h"
  33
  34 #define IDENT_BUFSIZE 128
  35
  36 struct ident_query
  37 {
  38         time_t timeout;                         /* Timeout interval */
  39         rb_fde_t *F;                            /* Our FD */
  40 };
  41
  42 /* Goinked from old s_auth.c --Elizafox */
  43 static const char *messages[] =
  44 {
  45         ":*** Checking Ident",
  46         ":*** Got Ident response",
  47         ":*** No Ident response",
  48 };
  49
  50 typedef enum
  51 {
  52         REPORT_LOOKUP,
  53         REPORT_FOUND,
  54         REPORT_FAIL,
  55 } ident_message;
  56
  57 static EVH timeout_ident_queries_event;
  58 static CNCB ident_connected;
  59 static PF read_ident_reply;
  60
  61 static void client_fail(struct auth_client *auth, ident_message message);
  62 static void client_success(struct auth_client *auth);
  63 static char * get_valid_ident(char *buf);
  64
  65 static struct ev_entry *timeout_ev;
  66 static int ident_timeout = 5;
  67
  68
  69 /* Timeout outstanding queries */
  70 static void
  71 timeout_ident_queries_event(void *notused)
  72 {
  73         struct auth_client *auth;
  74         rb_dictionary_iter iter;
  75
  76         RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
  77         {
  78                 struct ident_query *query = auth->data[PROVIDER_IDENT];
  79
  80                 if(query != NULL && query->timeout < rb_current_time())
  81                         client_fail(auth, REPORT_FAIL);
  82         }
  83 }
  84
  85 /*
  86  * ident_connected() - deal with the result of rb_connect_tcp()
  87  *
  88  * If the connection failed, we simply close the auth fd and report
  89  * a failure. If the connection suceeded send the ident server a query
  90  * giving "theirport , ourport". The write is only attempted *once* so
  91  * it is deemed to be a fail if the entire write doesn't write all the
  92  * data given.  This shouldnt be a problem since the socket should have
  93  * a write buffer far greater than this message to store it in should
  94  * problems arise. -avalon
  95  */
  96 static void
  97 ident_connected(rb_fde_t *F, int error, void *data)
  98 {
  99         struct auth_client *auth = data;
 100         struct ident_query *query = auth->data[PROVIDER_IDENT];
 101         char authbuf[32];
 102         int authlen;
 103
 104         /* Check the error */
 105         if(error != RB_OK)
 106         {
 107                 /* We had an error during connection :( */
 108                 client_fail(auth, REPORT_FAIL);
 109                 return;
 110         }
 111
 112         snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
 113                         auth->c_port, auth->l_port);
 114         authlen = strlen(authbuf);
 115
 116         if(rb_write(query->F, authbuf, authlen) != authlen)
 117         {
 118                 client_fail(auth, REPORT_FAIL);
 119                 return;
 120         }
 121
 122         read_ident_reply(query->F, auth);
 123 }
 124
 125 static void
 126 read_ident_reply(rb_fde_t *F, void *data)
 127 {
 128         struct auth_client *auth = data;
 129         struct ident_query *query = auth->data[PROVIDER_IDENT];
 130         char *s = NULL;
 131         char *t = NULL;
 132         int len;
 133         int count;
 134         char buf[IDENT_BUFSIZE + 1];    /* buffer to read auth reply into */
 135
 136         len = rb_read(F, buf, IDENT_BUFSIZE);
 137         if(len < 0 && rb_ignore_errno(errno))
 138         {
 139                 rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
 140                 return;
 141         }
 142
 143         if(len > 0)
 144         {
 145                 buf[len] = '\0';
 146
 147                 if((s = get_valid_ident(buf)))
 148                 {
 149                         t = auth->username;
 150
 151                         while (*s == '~' || *s == '^')
 152                                 s++;
 153
 154                         for (count = USERLEN; *s && count; s++)
 155                         {
 156                                 if(*s == '@')
 157                                 {
 158                                         break;
 159                                 }
 160                                 if(*s != ' ' && *s != ':' && *s != '[')
 161                                 {
 162                                         *t++ = *s;
 163                                         count--;
 164                                 }
 165                         }
 166                         *t = '\0';
 167                 }
 168         }
 169
 170         if(s == NULL)
 171                 client_fail(auth, REPORT_FAIL);
 172         else
 173                 client_success(auth);
 174 }
 175
 176 static void
 177 client_fail(struct auth_client *auth, ident_message report)
 178 {
 179         struct ident_query *query = auth->data[PROVIDER_IDENT];
 180
 181         rb_strlcpy(auth->username, "*", sizeof(auth->username));
 182
 183         rb_close(query->F);
 184         rb_free(query);
 185         auth->data[PROVIDER_IDENT] = NULL;
 186
 187         notice_client(auth->cid, messages[report]);
 188         provider_done(auth, PROVIDER_IDENT);
 189 }
 190
 191 static void
 192 client_success(struct auth_client *auth)
 193 {
 194         struct ident_query *query = auth->data[PROVIDER_IDENT];
 195
 196         rb_close(query->F);
 197         rb_free(query);
 198         auth->data[PROVIDER_IDENT] = NULL;
 199
 200         notice_client(auth->cid, messages[REPORT_FOUND]);
 201         provider_done(auth, PROVIDER_IDENT);
 202 }
 203
 204 /* get_valid_ident
 205  * parse ident query reply from identd server
 206  *
 207  * Taken from old s_auth.c --Elizafox
 208  *
 209  * Inputs       - pointer to ident buf
 210  * Outputs      - NULL if no valid ident found, otherwise pointer to name
 211  * Side effects - None
 212  */
 213 static char *
 214 get_valid_ident(char *buf)
 215 {
 216         int remp = 0;
 217         int locp = 0;
 218         char *colon1Ptr;
 219         char *colon2Ptr;
 220         char *colon3Ptr;
 221         char *commaPtr;
 222         char *remotePortString;
 223
 224         /* All this to get rid of a sscanf() fun. */
 225         remotePortString = buf;
 226
 227         colon1Ptr = strchr(remotePortString, ':');
 228         if(!colon1Ptr)
 229                 return 0;
 230
 231         *colon1Ptr = '\0';
 232         colon1Ptr++;
 233         colon2Ptr = strchr(colon1Ptr, ':');
 234         if(!colon2Ptr)
 235                 return 0;
 236
 237         *colon2Ptr = '\0';
 238         colon2Ptr++;
 239         commaPtr = strchr(remotePortString, ',');
 240
 241         if(!commaPtr)
 242                 return 0;
 243
 244         *commaPtr = '\0';
 245         commaPtr++;
 246
 247         remp = atoi(remotePortString);
 248         if(!remp)
 249                 return 0;
 250
 251         locp = atoi(commaPtr);
 252         if(!locp)
 253                 return 0;
 254
 255         /* look for USERID bordered by first pair of colons */
 256         if(!strstr(colon1Ptr, "USERID"))
 257                 return 0;
 258
 259         colon3Ptr = strchr(colon2Ptr, ':');
 260         if(!colon3Ptr)
 261                 return 0;
 262
 263         *colon3Ptr = '\0';
 264         colon3Ptr++;
 265         return (colon3Ptr);
 266 }
 267
 268 static bool
 269 ident_init(void)
 270 {
 271         timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
 272         return (timeout_ev != NULL);
 273 }
 274
 275 static void
 276 ident_destroy(void)
 277 {
 278         struct auth_client *auth;
 279         rb_dictionary_iter iter;
 280
 281         /* Nuke all ident queries */
 282         RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 283         {
 284                 if(auth->data[PROVIDER_IDENT] != NULL)
 285                         client_fail(auth, REPORT_FAIL);
 286         }
 287 }
 288
 289 static bool ident_start(struct auth_client *auth)
 290 {
 291         struct ident_query *query = rb_malloc(sizeof(struct ident_query));
 292         struct rb_sockaddr_storage l_addr, c_addr;
 293         int family;
 294         rb_fde_t *F;
 295
 296         auth->data[PROVIDER_IDENT] = query;
 297         query->timeout = rb_current_time() + ident_timeout;
 298
 299         if((F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
 300         {
 301                 client_fail(auth, REPORT_FAIL);
 302                 return true;    /* Not a fatal error */
 303         }
 304
 305         query->F = F;
 306
 307         /* Build sockaddr_storages for rb_connect_tcp below */
 308         memcpy(&l_addr, &auth->l_addr, sizeof(l_addr));
 309         memcpy(&c_addr, &auth->c_addr, sizeof(c_addr));
 310
 311         /* Set the ports correctly */
 312 #ifdef RB_IPV6
 313         if(GET_SS_FAMILY(&l_addr) == AF_INET6)
 314                 ((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
 315         else
 316 #endif
 317                 ((struct sockaddr_in *)&l_addr)->sin_port = 0;
 318
 319 #ifdef RB_IPV6
 320         if(GET_SS_FAMILY(&c_addr) == AF_INET6)
 321                 ((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
 322         else
 323 #endif
 324                 ((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
 325
 326         rb_connect_tcp(F, (struct sockaddr *)&c_addr,
 327                         (struct sockaddr *)&l_addr,
 328                         GET_SS_LEN(&l_addr), ident_connected,
 329                         query, ident_timeout);
 330
 331         notice_client(auth->cid, messages[REPORT_LOOKUP]);
 332         set_provider_on(auth, PROVIDER_IDENT);
 333
 334         return true;
 335 }
 336
 337 static void
 338 ident_cancel(struct auth_client *auth)
 339 {
 340         struct ident_query *query = auth->data[PROVIDER_IDENT];
 341
 342         if(query != NULL)
 343                 client_fail(auth, REPORT_FAIL);
 344 }
 345
 346
 347 struct auth_provider ident_provider =
 348 {
 349         .id = PROVIDER_IDENT,
 350         .init = ident_init,
 351         .destroy = ident_destroy,
 352         .start = ident_start,
 353         .cancel = ident_cancel,
 354         .completed = NULL,
 355 };